Configurar TLS PAP WiFi en macOS High Sierra usando Apple Configurator 2



Creating the Profile with Apple Configurator

  1. Download the RADIUS server certificate to your local system
  2. Open Apple Configurator 2 from your Applications Folder
  3. Click on Apple File Menu at the top of your screen and choose New Profile. Alternatively press ⌘N
  4. Select Certificates from the left navigation and choose Configure
  5. Browse to the folder you chose to download from Step 1, select the file and hit Open
  6. Select Wi-Fi from the left navigation and choose Configure
  7. Once in this screen, you should apply these settings as seen below:
  8. On the Wi-Fi page, Hit Trust under Enterprise Settings
  9. Check the certificate box which was added in Step 6 & 7
  10. Hit Save
  11. Due to the fact you left the username blank, it will trigger this screen upon saving
  12. Hit Save Anyway
  13. Click General from the left navigation
  14. Enter in a Name for the Profile and select the remaining profile settings you choose then hit Save
  15. To distribute, click the Apple File menu at the top of your screen and click Sign Profile…

Saving the Profile on Mac

  1. Search for and open the Profiles utility on the Mac where the Profile is to be saved
  2. Select the Add Profile symbol
  3. Select the Profile you saved while creating the WiFi profile per the steps above
  4. You will initially be prompted to confirm you want to install the profile. Click Continue
  5. You may be prompted to ensure you want to continue to install the profile. Click Continue
  6. When installing, you will be prompted for a user name which can be left blank. Click Install
  7. When prompted, sign in to the Mac with administrator privileges.
  8. The Profile will then be successfully installed
  9. Note that it is recommended to remove other profiles to ensure there are no conflicts.

Logging into the RADIUS-Integrated WAP

  1. Select your Wireless SSID you input in your Apple Configurator Profile
  2. You will be prompted to see the certificate for the JumpCloud RADIUS server
  3. You will then be prompted to authenticate against the RADIUS

Removing Wireless Network Profile

If you choose to utilize PEAP for authentication instead of EAP-TTLS/PAP, or are possibly looking to remove the service, you will be required to delete the existing wireless connection. After the connection has been successfully removed you may again connect to your WAP or Router device using non-EAP-TTLS methods. No additional configuration is required for PEAP with JumpCloud RADIUS, so with the old profile removed the user may connect to networking device normally.

  1. Click on the Apple menu and choose System Preferences…
  2. Select Profiles
  3. Click on the wireless network that applies to your RADIUS EAP-TTLS configuration in the left pane
  4. Once selected, click the – (minus) displayed at the bottom-left of the window to delete